Trend Micro Fixes Apex One Remote Code Execution Vulnerability and Releases Security Patches

2026-02-28 14:22

Keywords:

Favorite

Wedoany.com Report on Feb 28th, Trend Micro recently released security patches for multiple high-severity vulnerabilities in its enterprise endpoint security platform, Apex One. These vulnerabilities primarily affect the Apex One management console and could lead to remote code execution, posing a serious threat to systems that are not promptly patched.

Vulnerability Details: Two Critical Vulnerabilities Exploitable Without Authentication

According to the advisory issued by Trend Micro, vulnerability CVE-2025-71210 "could allow a remote attacker to upload malicious code and execute commands on affected installations." This vulnerability, along with CVE-2025-71211, received a CVSS v3 score of 9.8, classifying them as critical. Both vulnerabilities stem from directory traversal and improper path validation issues within the Apex One management console. Attackers can exploit them remotely without requiring any authentication, indicating an extremely high risk level.

Potential Impact: Attackers Could Bypass Protection and Move Laterally

Apex One is widely used in enterprise environments to detect and respond to malware and advanced threats on endpoints. Due to its extensive endpoint visibility and control capabilities, vulnerabilities in the platform, if exploited, could lead to cascading security risks. Attackers could potentially use them to bypass security measures, move laterally within corporate networks, and deploy ransomware or other malicious payloads, all while being difficult to detect immediately.

Other Fixes: Two Local Privilege Escalation Vulnerabilities Require Low-Privilege Access

In addition to the aforementioned remote code execution vulnerabilities, Trend Micro also patched two local privilege escalation vulnerabilities affecting the Apex One agent, identified as CVE-2025-71212 and CVE-2025-71213, with a CVSS score of 7.8. This type of vulnerability requires an attacker to first gain low-privileged access to the system. However, in multi-stage attacks, they are often used to elevate privileges and enhance persistence, paving the way for subsequent attacks.

Mitigation Recommendations: Apply Patches Promptly and Strengthen Management Console Protection

Currently, Trend Micro has provided patches for all vulnerabilities, and no reports of active exploitation in the wild have been observed. Security experts recommend that organizations adopt a layered security approach. In addition to deploying patches promptly, they should strengthen access controls, system hardening, and monitoring capabilities to reduce risk and enhance overall resilience. As a core platform for enterprise endpoint security, weaknesses in the Apex One management console should be prioritized in risk management. Strictly limit the exposure of management ports and enable multi-factor authentication.

Japan

Information and Communication Information Security and Data Security Engineering

This bulletin is compiled and reposted from information of global Internet and strategic partners, aiming to provide communication for readers. If there is any infringement or other issues, please inform us in time. We will make modifications or deletions accordingly. Unauthorized reproduction of this article is strictly prohibited. Email: news@wedoany.com

Previous：Ericsson Launches Agentless Linux EDR Capability to Strengthen 5G and Core Network Security Protection

Next：TIA Advances AI Data Center Infrastructure DCE 9000 Quality Standards